[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit review for 2.4.39

Michael StrÃder wrote:
Quanah Gibson-Mount wrote:
--On Friday, January 10, 2014 11:18 AM +0100 Michael StrÃder
<michael@stroeder.com> wrote:

Hmm, ITS#7683 was meant to show which clients are connecting with Perfect
Forward Secrecy.

The change does not apply cleanly and results in a substantial number of merge
issues.  Given this, it will not be merged into the RE24 branch.  It will be
part of 2.5.

I can't believe that the OpenLDAP project wants to postpone such a important
feature for another year or two (until 2.5 stable release). Today all mail and
HTTP servers can log the TLS cipher negotiated for a connection. It's a really
urgent feature to centrally examine existing client configurations.

2.4 is in feature freeze. We tried to accomodate your request, despite the freeze, but the code changes are too extensive. The idea here is to quit making any major upheavals in the 2.4 branch, not keep adding them in perpetuity.

Examining client configuration really isn't even relevant. If you want to ensure that a secure cipher is negotiated, then configure a narrower set of supported ciphers. This is hardly as critical a feature as you make it out to be.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/